Re: [Repoze-dev] How to handle failed logins?

2010-04-20 Thread Nuno Teixeira
Hi Timmy!

Timmy Chan wrote:
 my current workflow for FriendlyFormPlugin is
  
 user goes to page, needs permission, gets 401
 repoze.who sends it to login_form_url
 user inputs data
 user gets sent to post_login_url, gets 401
 gets sent to login_form_url again
  
  is this a good method?  can i pass along the username somewhere?

I think that post_login_url shouldn't return 401. This view should be 
public. There you could check existence of repoze.who.identity environ 
var and do some HTTP redirect (calling webob.exc.HTTPFound method) based 
on it: calling login_form (including username on the query string) in 
case of failure or redirect to another page on success.

Good luck!
Nuno

 
 On Sat, Apr 17, 2010 at 7:46 PM, Timmy Chan timmy.cha...@gmail.com wrote:
 
 I'm using FriendlyFormPlugin, and I would like to retrieve the
 username that was input as part of the request.params, but it's no
 longer there as part of the post_login_url's controller's page. this
 way I can set the default for username on the signin if the
 password is incorrect. thanks
 
 

___
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev
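
The public post-login view Nuno describes, as an added example that is not part of the original thread. It uses plain WSGI instead of webob.exc.HTTPFound so it runs stand-alone; the `login` query parameter, the URL constants and the local-path check on `came_from` are assumptions of this example.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

LOGIN_FORM_URL = "/login"   # assumed value of login_form_url
DEFAULT_URL = "/"           # assumed landing page after a successful login


def safe_local_path(target, default=DEFAULT_URL):
    """Return target only if it is a path on this site, else default."""
    if not target or "\\" in target or any(ord(c) < 0x20 for c in target):
        return default      # empty, backslash tricks, CR/LF in a header
    parts = urlsplit(target)
    is_local = target.startswith("/") and not target.startswith("//")
    if parts.scheme or parts.netloc or not is_local:
        return default      # absolute or scheme-relative URL
    return target


def post_login_location(environ):
    """Decide where the public post_login_url view redirects to."""
    query = parse_qs(environ.get("QUERY_STRING", ""))
    came_from = safe_local_path(query.get("came_from", [""])[0])
    if environ.get("repoze.who.identity") is not None:
        return came_from    # repoze.who authenticated the request
    # Failed login: back to the form, carrying the name for pre-filling.
    params = {"came_from": came_from}
    login = query.get("login", [""])[0]   # hypothetical parameter name
    if login:
        params["login"] = login[:64]      # cap length; urlencode escapes it
    return LOGIN_FORM_URL + "?" + urlencode(params)


def post_login_app(environ, start_response):
    """Minimal WSGI view: always answers with a redirect, never 401."""
    start_response("302 Found", [("Location", post_login_location(environ))])
    return [b""]
```

The login template still has to HTML-escape the `login` value when it writes it into the form field.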


Re: [Repoze-dev] FriendlyForm login count not incrementing on failed login

2010-04-20 Thread Ian Stevens
Thanks Gustavo. The version of FriendlyForm I'm using, 1.0.4, does not 
implement IAuthenticator. I get the following error:

ValueError: form: An object has failed to implement interface 
InterfaceClass repoze.who.interfaces.IAuthenticator
The authenticate attribute was not provided.

With form in only identifiers and challengers, the login counter does not 
increment. Any ideas?

Here are the relevant sections of my altered who.ini, with form in both 
identifiers and challengers:

[plugin:form]
use = repoze.who.plugins.friendlyform:FriendlyFormPlugin
login_form_url = /login
login_handler_path = /dologin
logout_handler_path = /logout
rememberer_name = auth_tkt
post_login_url = 
post_logout_url = 

[plugin:auth_tkt]
use = repoze.who.plugins.auth_tkt:make_plugin
secret = sekrit

[plugin:ldap_auth]
use = repoze.who.plugins.ldap:LDAPAuthenticatorPlugin
ldap_connection = ldap://ldap.foo.com
base_dn = ou=people,dc=foo,dc=local

[plugin:db_auth]
use = foo.lib.auth:DatabaseAuthenticatorPlugin

[...]

[identifiers]
plugins =
    form;browser
    auth_tkt

[authenticators]
plugins =
    form
    ldap_auth
    db_auth

[challengers]
plugins =
    form;browser

thanks,
Ian.

On 2010-04-19, at 5:00 PM, Gustavo Narea wrote:

 Hello, Ian.
 
 It sounds like you've not added the plugin to the authenticators in
 repoze.who.
 
 Make sure to add form to both the identifiers and challengers.
 
 HTH,
 
 - Gustavo.
 
 
 On 15/04/10 17:22, Ian Stevens wrote:
 I've built a LDAP authorizing login using repoze.who-1.0.10 and 
 repoze.who.plugins.ldap-1.0 under Pylons-0.9.7. Now I want to use 
 repoze.who_friendlyform-1.0.4 to report an incorrect login message to the 
 user. Unfortunately, the login count doesn't seem to be incrementing.
 
 Before I go into detail, is there a simpler way to display a message to the 
 user on a failed login? Am I dense or is this much more of an effort than 
 it should be? Most searches I've tried pull up FriendlyForm.
 
 The problem is that 
 repoze.who.plugins.friendlyform.FriendlyFormPlugin.challenge() does not get 
 called on a login attempt, so the counter (in both environ and the query) 
 doesn't increment. Valid users authenticate OK.
 
 I wrote my own authenticator which checks to see whether an authorized LDAP 
 user exists in the app DB, and my own mdprovider which copies the related 
 user object from the DB to the repoze identity. Everything else is in line 
 with the tutorials.
 
 The code and config are below. The make_redirecting_plugin method which 
 FriendlyForm lacks is ripped from repoze.who.plugins.form. Any ideas as to 
 how to get this working would be much appreciated.
 
 thanks,
 Ian.
 
 The form section of who.ini:
 
 [plugin:form]
 use = foo.lib.auth:make_redirecting_plugin
 login_form_url = /login
 login_handler_path = /dologin
 logout_handler_path = /logout
 rememberer_name = auth_tkt
 
 [plugin:auth_tkt]
 use = repoze.who.plugins.auth_tkt:make_plugin
 secret = sekrit
 
 Method referenced above:
 
 from repoze.who.plugins.friendlyform import FriendlyFormPlugin

 def make_redirecting_plugin(login_form_url=None,
                             login_handler_path='/login_handler',
                             logout_handler_path='/logout_handler',
                             rememberer_name=None):
     """Taken from repoze.who.plugins.form for FriendlyForm."""
     if login_form_url is None:
         raise ValueError(
             'must include login_form_url in configuration')
     if login_handler_path is None:
         raise ValueError(
             'login_handler_path must not be None')
     if logout_handler_path is None:
         raise ValueError(
             'logout_handler_path must not be None')
     if rememberer_name is None:
         raise ValueError(
             'must include rememberer key (name of another IIdentifier '
             'plugin)')
     # The two None arguments are post_login_url and post_logout_url.
     plugin = FriendlyFormPlugin(login_form_url,
                                 login_handler_path,
                                 None,
                                 logout_handler_path,
                                 None,
                                 rememberer_name)
     return plugin
 
 The code for generating the login form:
 
 def login(self):
     identity = request.environ.get('repoze.who.identity')
     if identity is not None:
         came_from = request.params.get('came_from', None)
         if came_from:
             redirect_to(str(came_from))

     return render('/login.mako').encode('utf8')
 
 The above template checks the counter in environ and outputs a login error 
 if it's greater than 0.
 
 
 
 -- 
 Gustavo Narea xri://=Gustavo.
 



[Repoze-dev] [issue100] Configurable character set support for repoze.who and repoze.what

2010-04-20 Thread Tres Seaver

Tres Seaver tsea...@agendaless.com added the comment:

The only correct way to decode values in the payload of an HTTP POST request
is to use the charset supplied in the Content-Type header of that request, or
fall back to ISO-8859-1.

RFC 2616, section 3.7.1, says:

  When no explicit charset parameter is provided by the sender, media
  subtypes of the "text" type are defined to have a default charset value
  of "ISO-8859-1" when received via HTTP.

--
status: resolved - chatting

__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue100
__
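
The decoding rule from the comment above, as an added example that is not code from repoze.who or from the issue. The function names are hypothetical, and rejecting an unknown charset name with ValueError (rather than guessing) is a choice made for this example.

```python
import codecs
from email.message import Message
from urllib.parse import parse_qsl

HTTP_DEFAULT_CHARSET = "iso-8859-1"   # fallback named in the comment above


def request_charset(content_type):
    """Return the charset declared in a Content-Type header value, or
    ISO-8859-1 when the header declares none."""
    msg = Message()
    if content_type:
        msg["Content-Type"] = content_type
    charset = msg.get_content_charset(HTTP_DEFAULT_CHARSET)
    try:
        codecs.lookup(charset)
    except LookupError:
        # Declared but unknown: refuse instead of guessing (example's choice).
        raise ValueError("unsupported charset: %r" % charset)
    return charset


def decode_form(body, content_type):
    """Decode an application/x-www-form-urlencoded POST body (bytes) with
    the request's own charset, failing loudly on undecodable bytes."""
    charset = request_charset(content_type)
    # The body is ASCII; the percent-escapes carry the encoded bytes.
    pairs = parse_qsl(body.decode("ascii"), keep_blank_values=True,
                      encoding=charset, errors="strict")
    return dict(pairs)


if __name__ == "__main__":
    sample = b"login=jos%C3%A9"   # constructed sample body
    form = "application/x-www-form-urlencoded"
    # Same bytes, two different login names depending on the declared charset.
    print(decode_form(sample, form + "; charset=UTF-8"))
    print(decode_form(sample, form))
```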


[Repoze-dev] [issue114] Documentation error

2010-04-20 Thread Tres Seaver

Tres Seaver tsea...@agendaless.com added the comment:

Thanks very much for the report!

Fixed on the trunk in r9049.

Fixed on the 1.0 branch in 9050.

--
status: chatting - resolved

__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue114
__


[Repoze-dev] [issue41] INITools for zc.buildout-style config files

2010-04-20 Thread Tres Seaver

Tres Seaver tsea...@agendaless.com added the comment:

Looks interesting.  I'm not sure I'd want to document how to use the feature,
though. ;)

--
priority: feature - wish
status: unread - chatting

__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue41
__


[Repoze-dev] [issue111] repoze.who.plugins.ldap enhancements

2010-04-20 Thread Tres Seaver

Tres Seaver tsea...@agendaless.com added the comment:

That plugin tracks its bugs in Launchpad:

 https://bugs.launchpad.net/repoze.who.plugins.ldap

--
status: unread - chatting

__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue111
__


[Repoze-dev] [issue41] INITools for zc.buildout-style config files

2010-04-20 Thread Tres Seaver

Tres Seaver tsea...@agendaless.com added the comment:

That code now lives at BitBucket:

  http://bitbucket.org/ianb/initools/

__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue41
__